Comment 2 for bug 1992214
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to kernel (master) | #2 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Reviewed: https:/
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit bc9df334b73b033
Author: Jiping Ma <email address hidden>
Date: Fri Oct 7 23:23:43 2022 -0400
Debian: Place module signing keys in a separate package
Currently we package our module signing keys as part of
the 'linux-kbuild' package. This means that anyone obtaining
our 'linux-kbuild' package, which we do publish, can produce
signed modules. This violates the intent of secure boot.
Re-package our module signing keys into a separate package
known as 'linux-keys'.
Testing:
- Build all out of tree modules successfully.
- An ISO image can be built out successfully.
- Installation of the ISO image is successful with standard and
low-latency profiles.
- The out of tree modules can be loaded successfully when secure boot is
enabled.
- Make sure there are not the keys in the lab that installed
with the ISO image.
Closes-Bug: 1992214
Signed-off-by: Jiping Ma <email address hidden>
Change-Id: I73e80b5869ebdc